[Year 12 IPM] OT Security Hole
Andrew Shortell
a.shortell at braemar.vic.edu.au
Tue Aug 15 12:01:58 EST 2006
Hi Listers
Yesterday I had a student show me a security hole in our network where
he could add print credit to his GAIA account.
The share in which the software is held has read permissions so that the
workstation can access details of the user's account before printing.
The details of the vouchers are kept in that same share. He was able to
access the records of the unused vouchers and give himself -or anyone
else - extra credit. Of course that is traceable but........ You might
like to examine your own to see if you can tighten up. (He is now
working on a challenge to be able to add print credit untraceably!!)
As I often say to students, you should always investigate things
thoroughly - especially jobs and always do background checks before you
apply. After all, one doesn't want one's students (or friends) to make
the same mistakes one made one's self !! (when one was younger of
course).
Cheers
Andrew
Andrew Shortell
Braemar College
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.edulists.com.au/pipermail/ipm/attachments/20060815/9f43731c/attachment.html
More information about the ipm
mailing list